If you run curl waste.st you also get the “manpage”
The goal was to make it do uploads without a ton of frameworks. The front page is around one request under 20K. It also has a special emoji url: https://[waste bin emoji].st that HN doesn’t support.
I love using 0x0.st for something similar - sharing files (not the purpose of a pastebin, where the file is to be viewed, not downloaded). Curl-based access is perfect :)
I would personally suggest that this site probably "wants" accounts. Yes, with CAPTCHAs (on registration.) If you want to be able to ban people who abuse your service, you'll need some thing-that-is-costly-to-get-multiple-of to ban them by. Otherwise they just keep coming back.
To still be a "console-friendly pastebin", the result of doing that costly registration process, could just be a page that gives you a (private) URL, that works like the base URL does now. https://paste.c-net.org/b/{bucket} or something, where {bucket} is a UUIDv4, or anything else with enough entropy to not be able to brute-force enumerate your way into someone else's account URL.
The uploaded files themselves could still have short human-writable top-level paths, for ease of repeating them over the phone.
Though, I notice that when you upload a file, you get a "delete key" as well as a URL. IMHO the "delete key" shouldn't be a weird nonstandard header you send with an HTTP DELETE; it should just be a URL — e.g. https://paste.c-net.org/b/{bucket}/{delete_key} — that you can HTTP DELETE directly.
In other words, make /b/{bucket}/{delete_key} the file's "true name", and /{link} a "read-only view" of the file.
When you say abused, I assume you mean either CSAM or copyrighted material?
Is there a hash database or something that could be queried to block known bad stuff? (would probably fail in the face of compression or encryption, but catching the low-hanging fruit would at least probably handle any potential legal liability?) Seems like something useful AI would actually work well for, if FBI/publishers/etc., would train a model and release it or host a service with an API.
I self-host OFTN Zerodrop as a pastebin with CAPTCHA support along with binary uploads and conditional routing.
Unfortunately I still ended up taking down my publicly accessible demo to not have to deal with the legal risk of potential abuse, but this software is free for others to host and is written in Go.
I would assume it means "the law in whatever country you're in." By definition, I can't break the North Korean law against criticizing their leader, it doesn't apply to me.
I made a similar thing: https://waste.st/waste.1
If you run curl waste.st you also get the “manpage”
The goal was to make it do uploads without a ton of frameworks. The front page is around one request under 20K. It also has a special emoji url: https://[waste bin emoji].st that HN doesn’t support.
I love using 0x0.st for something similar - sharing files (not the purpose of a pastebin, where the file is to be viewed, not downloaded). Curl-based access is perfect :)
Check out https://txtd.cc it supports raw data for curl and custom urls & other stuff like markdown formatting.
punycode encoded: https://xn--108h.st/
> This is a console friendly pastebin that allows binary files. No fancy website, no intermediate pages to click through, and no CAPTCHAs.
The site is cool, but is it not just going to be abused?
It very likely will be, yes.
I would personally suggest that this site probably "wants" accounts. Yes, with CAPTCHAs (on registration.) If you want to be able to ban people who abuse your service, you'll need some thing-that-is-costly-to-get-multiple-of to ban them by. Otherwise they just keep coming back.
To still be a "console-friendly pastebin", the result of doing that costly registration process, could just be a page that gives you a (private) URL, that works like the base URL does now. https://paste.c-net.org/b/{bucket} or something, where {bucket} is a UUIDv4, or anything else with enough entropy to not be able to brute-force enumerate your way into someone else's account URL.
The uploaded files themselves could still have short human-writable top-level paths, for ease of repeating them over the phone.
Though, I notice that when you upload a file, you get a "delete key" as well as a URL. IMHO the "delete key" shouldn't be a weird nonstandard header you send with an HTTP DELETE; it should just be a URL — e.g. https://paste.c-net.org/b/{bucket}/{delete_key} — that you can HTTP DELETE directly.
In other words, make /b/{bucket}/{delete_key} the file's "true name", and /{link} a "read-only view" of the file.
I have heard good things about https://www.stopforumspam.com/.
When you say abused, I assume you mean either CSAM or copyrighted material?
Is there a hash database or something that could be queried to block known bad stuff? (would probably fail in the face of compression or encryption, but catching the low-hanging fruit would at least probably handle any potential legal liability?) Seems like something useful AI would actually work well for, if FBI/publishers/etc., would train a model and release it or host a service with an API.
> catching the low-hanging fruit would at least probably handle any potential legal liability?
Actually No. It take 5 minutes to create a script to randomize a password, encrypt and upload.
Abusers have been doing the same for 20+ years and it is very effective.
Nice! I used a similar site, termbin.com, for some time now, though it uses netcat to upload files. Definitely useful!
I self-host OFTN Zerodrop as a pastebin with CAPTCHA support along with binary uploads and conditional routing.
Unfortunately I still ended up taking down my publicly accessible demo to not have to deal with the legal risk of potential abuse, but this software is free for others to host and is written in Go.
I like it, but this could do with being just the slightest bit more specific:
> Don't break the law, don't post illegal shit, don't be an asshole.
The law in which country? All countries? Do I have to avoid uploading depictions of Mohammed, or insulting statements about the president of Turkiye?
I would assume it means "the law in whatever country you're in." By definition, I can't break the North Korean law against criticizing their leader, it doesn't apply to me.
When someone assumes you know what English-speaking country they're referring to, it is likely to be the US.
'ken oath mate, whenever I see people typing the queens I always reckon they're one of US.
https://github.com/dutchcoders/transfer.sh/ is a similar project for self-hosting.
Very nice, and the urls use random words instead of random strings. Thank you.
https://paste.c-net.org/ImproperAttacked
https://paste.c-net.org/HanukkahDisplays
https://paste.c-net.org/HurtingJunior
This rules. Hope it stays up.
Not open source as far as I can tell?